Question
I have a new certificate from DigiCert (.pfx file) which, when I try to use it for signing, gives the error "The specified PFX password is not correct". However, the password works fine when installing it locally. I have tried without specifying a password, without success. The certificate was given to me by another person who purchased it.
Thanks
Solution
I had the same issue but solved it by removing " from the password.
Before: signtool.exe sign /f mycert.pfx /p "password" /v /t http://... "application.exe"
After: signtool.exe sign /f mycert.pfx /p password /v /t http://... application.exe
OTHER TIPS
I had the same issue as well when trying to sign DLL files with post-build events in Visual Studio. I found out that the issue was having special characters like the percentage sign (%) and comma (,) in the password. I fixed it after setting a new password without those special characters.
I hope this helps
Another possible issue is that the encryption of the PFX could be unrecognized; for example, a newer SHA256 encrypted cert cannot be used to sign on older SDKs.
See related SO answers: "signtool - the specified PFX password is not correct from new machine" and "Why I get "The specified PFX password is not correct" when trying to sign application with signtool?"
I had the same issue in Azure DevOps where I was using a Command Line task:
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe" sign /f "D:\Cert\CodeSigning.pfx" /p %_pwd123_% /d "" /du "" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 "D:\Build\Installer.msi"
This resulted in 'The specified PFX password is incorrect'. But I was able to take the actual script command from the failed pipeline, copy it into a cmd prompt on the build machine and run it (without any changes) successfully.
I also tried creating a pipeline variable as I've seen others do and use that in the command like $(pfxPwd). That also seemed to translate perfectly when run but still failed.
The solution was to use the pipeline variable but include it in the command like this instead: %pfxPwd%
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe" sign /f "D:\Cert\CodeSigning.pfx" /p %pfxPwd% /d "" /du "" /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 "D:\Build\Installer.msi"
Perhaps this trouble was caused by the password beginning and ending with %.
But since this certificate and password came from IT, there were no other options.
Note: I later discovered that if I change the variable type to 'secret' it no longer works.
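The percent-sign behaviour this last answer suspects can be reproduced without signtool. The batch file below is an added illustration, not code from any of the posts; it reuses the variable name and sample password shown in the answer and assumes no variable named _pwd123_ exists on the machine.

```bat
@echo off
rem Added demo (constructed values): why a password wrapped in percent signs
rem can work at an interactive prompt but fail inside a script file.
setlocal DisableDelayedExpansion

rem Assumption: no variable called _pwd123_ is defined, as on a clean agent.
set "_pwd123_="

rem Case 1: the password is written literally in the script text. A script
rem looks the same after a $(pfxPwd) macro has been replaced by its value.
rem Inside a batch file cmd.exe treats %_pwd123_% as an undefined variable
rem and replaces it with nothing, so a tool would get an empty /p value.
rem At an interactive prompt an undefined %name% is left as typed, which is
rem why pasting the same command into a cmd window can succeed.
echo literal in script : [%_pwd123_%]

rem Case 2: the password is held in an environment variable. A doubled %%
rem is a literal percent sign in a batch file. Expansion is a single pass,
rem so the value is inserted as-is and its percent signs are not re-read.
set "pfxPwd=%%_pwd123_%%"
echo via %%pfxPwd%%      : [%pfxPwd%]

endlocal
```

Saved as a .cmd file and run, the first line shows empty brackets and the second shows the password intact between them.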